Install and use the automation tool Ansible in CentOS 7

Ansible is a free and open source configuration and automation tool developed for Unix-like systems. It is written in Python and is similar to Chef and Puppet, with one difference and advantage: we don't need to install any client on the nodes. It uses SSH to communicate with them.

Step 1: install Ansible using yum

rpm -ivh ansible-2.4.2.0-1.fc28.noarch.rpm

After installation, check the ansible version:

[root@localhost soft]# ansible --version
ansible 2.4.2.0
  config file = /etc/ansible/ansible.cfg
  configured module search path = [u'/root/.ansible/plugins/modules',u'/usr/share/ansible/plugins/modules']
  ansible python module location = /usr/lib/python2.7/site-packages/ansible
  executable location = /usr/bin/ansible
  python version = 2.7.5 (default, Aug  4 2017, 00:39:18) [GCC 4.8.5 20150623 (Red Hat 4.8.5-16)]

Step 2: set SSH key for node authentication
The key is generated on the Ansible server and copied to the node.

[root@localhost soft]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:pvR6iWfppGPSFZlAqP35/6DEtGTvaMY64otThWoBTuk root@localhost.localdomain
The key's randomart image is:
+---[RSA 2048]----+
|  .  o.          |
|.o  . .          |
|+. o . . o       |
| Eo o . +        |
|   o o..S.       |
|  o ..oO.o       |
| . . ..=*oo      |
|  ..o *=@+ .     |
|  .oo=+@+.o..    |
+----[SHA256]-----+

Use the ssh-copy-id command to copy the Ansible public key to the node.

[root@localhost ~]# ssh-copy-id -i root@worker1
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@worker1's password:

Number of key(s) added: 1

Now try logging into the machine, with:   "ssh 'root@worker1'"
and check to make sure that only the key(s) you wanted were added.
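
ssh-copy-id ends by asking you to check that only the key(s) you wanted were added. The following is an added example, not part of the original article, that does this check against a copy of the node's authorized_keys file; the function names are hypothetical, and in practice `ssh-keygen -lf` on both files gives fingerprints to compare as well.

```shell
#!/bin/sh
# Added example (not from the original article). The file paths are whatever
# the caller passes in.

# key_fields FILE
# Print "lineno type blob" for every entry in an authorized_keys or .pub file.
# Leading options (from="...", command="...") are skipped by locating the first
# key-type field that is followed by a base64 blob starting with "AAAA".
key_fields() {
    awk '
        /^[ \t]*(#|$)/ { next }          # comments and blank lines
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-[a-z0-9-]+@openssh\.com)$/ && $(i+1) ~ /^AAAA/) {
                    print NR, $i, $(i+1)
                    next
                }
            print NR, "UNPARSED", "-"    # surface anything we cannot read
        }' "$1"
}

# unexpected_keys EXPECTED_PUB AUTHORIZED_KEYS
# Print one line per entry whose key blob differs from the expected public key.
# Exit status: 0 = the expected key is the only one authorized, 1 = otherwise,
# 2 = the expected public key file could not be parsed.
unexpected_keys() {
    want=$(key_fields "$1" | awk '$2 != "UNPARSED" { print $3; exit }')
    [ -n "$want" ] || { echo "no key found in $1" >&2; return 2; }
    key_fields "$2" | awk -v want="$want" '
        $3 == want { found = 1; next }
        { print "line " $1 ": unexpected " $2 " key"; bad = 1 }
        END { exit (bad || !found) }'
}
```

For example, after fetching the node's file with `scp root@worker1:.ssh/authorized_keys /tmp/worker1.keys`, run `unexpected_keys /root/.ssh/id_rsa.pub /tmp/worker1.keys`.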

Step 3: define the list of nodes for Ansible

The file /etc/ansible/hosts maintains the list of servers in Ansible.

# This is the default ansible 'hosts' file.
#
# It should live in /etc/ansible/hosts
#
#   - Comments begin with the '#' character
#   - Blank lines are ignored
#   - Groups of hosts are delimited by [header] elements
#   - You can enter hostnames or ip addresses
#   - A hostname/ip can be a member of multiple groups

# Ex 1: Ungrouped hosts, specify before any group headers.

## green.example.com
## blue.example.com
## 192.168.100.1
## 192.168.100.10

# Ex 2: A collection of hosts belonging to the 'webservers' group

## [webservers]
## alpha.example.org
## beta.example.org
## 192.168.1.100
## 192.168.1.110

# If you have multiple hosts following a pattern you can specify
# them like this:

## www[001:006].example.com

# Ex 3: A collection of database servers in the 'dbservers' group

## [dbservers]
##
## db01.intranet.mydomain.net
## db02.intranet.mydomain.net
## 10.25.1.56
## 10.25.1.57

# Here's another example of host ranges, this time there are no
# leading 0s:
[test-servers]
worker1
worker2

## db-[99:101]-node.example.com

Step 4: run commands from the Ansible server
1. Use the ping module to check connectivity to the 'test-servers' group of Ansible nodes.

[root@localhost ansible]# ansible -m ping 'test-servers'
worker1 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}
worker2 | SUCCESS => {
    "changed": false,
    "ping": "pong"
}

Execute shell command
1. Check the uptime of Ansible node

[root@localhost ansible]# ansible -m command -a 'uptime' 'test-servers'
worker2 | SUCCESS | rc=0 >>
 16:18:18 up  1:22,  3 users,  load average: 0.03, 0.04, 0.27

worker1 | SUCCESS | rc=0 >>
 16:18:19 up  1:22,  3 users,  load average: 0.00, 0.02, 0.24

2. Check the kernel version of the node

[root@localhost ansible]# ansible -m command -a 'uname -r' 'test-servers'
worker1 | SUCCESS | rc=0 >>
3.10.0-327.el7.x86_64

worker2 | SUCCESS | rc=0 >>
3.10.0-327.el7.x86_64

3. Add users to the node

[root@localhost ansible]# ansible -m command -a 'useradd mark' 'test-servers'
worker2 | SUCCESS | rc=0 >>


worker1 | SUCCESS | rc=0 >>

[root@localhost ansible]# ansible -m command -a 'grep mark /etc/passwd' 'test-servers'
worker2 | SUCCESS | rc=0 >>
mark:x:1000:1000::/home/mark:/bin/bash

worker1 | SUCCESS | rc=0 >>
mark:x:1000:1000::/home/mark:/bin/bash

4. Redirect output to file

[root@localhost ansible]# ansible -m command -a 'df -TH' 'test-servers' > /tmp/command-output.txt
[root@localhost ansible]# cat /tmp/command-output.txt
worker1 | SUCCESS | rc=0 >>
Filesystem     Type      Size  Used Avail Use% Mounted on
/dev/sda2      ext4       17G  2.6G   14G   17% /
devtmpfs       devtmpfs  239M     0  239M    0% /dev
tmpfs          tmpfs     249M     0  249M    0% /dev/shm
tmpfs          tmpfs     249M  9.1M  240M    4% /run
tmpfs          tmpfs     249M     0  249M    0% /sys/fs/cgroup
/dev/sda1      ext4      199M  127M   58M   69% /boot
/dev/sda5      ext4      2.1G  6.4M  2.0G    1% /home
tmpfs          tmpfs      50M     0   50M    0% /run/user/0
worker2 | SUCCESS | rc=0 >>
Filesystem     Type      Size  Used Avail Use% Mounted on
/dev/sda2      ext4       17G  2.6G   14G   17% /
devtmpfs       devtmpfs  239M     0  239M    0% /dev
tmpfs          tmpfs     249M     0  249M    0% /dev/shm
tmpfs          tmpfs     249M  9.1M  240M    4% /run
tmpfs          tmpfs     249M     0  249M    0% /sys/fs/cgroup
/dev/sda1      ext4      199M  127M   58M   69% /boot
/dev/sda5      ext4      2.1G  6.4M  2.0G    1% /home
tmpfs          tmpfs      50M     0   50M    0% /run/user/0
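
Once the output is redirected to a file, a failed or unreachable host is easy to overlook among the successful ones. The following is an added example, not part of the original article, that scans a saved ad-hoc run for hosts whose header line reports anything other than success; the function name is hypothetical, and the header formats are the ones shown above plus the `=> {` form used by modules that return JSON.

```shell
#!/bin/sh
# Added example (not from the original article): summarize a saved ad-hoc run.

# adhoc_failures FILE
# Print "host status rc" for each host whose header line reports anything other
# than SUCCESS (or CHANGED, printed by newer Ansible releases) with rc=0.
# Exit status: 0 = every host succeeded, 1 = a failure or no host headers found.
adhoc_failures() {
    awk -F' [|] ' '
        # Header lines: "host | STATUS | rc=N >>" or "host | STATUS => {"
        /^[^ ]+ [|] [A-Z]+!?( [|] rc=[0-9]+ >>| => [{])$/ {
            hosts++
            status = $2; sub(/ => [{]$/, "", status)
            rc = "-"                      # no return code on JSON-style headers
            if (NF >= 3) { rc = $3; sub(/^rc=/, "", rc); sub(/ >>$/, "", rc) }
            if ((status != "SUCCESS" && status != "CHANGED") || (rc != "-" && rc != "0")) {
                print $1, status, rc
                bad = 1
            }
        }
        END { exit (bad || !hosts) }' "$1"
}
```

Run it as `adhoc_failures /tmp/command-output.txt`; command output that itself imitates a header line would be counted as a host, so treat the result as a summary rather than proof.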


Posted on Tue, 05 May 2020 08:45:37 -0700 by cneale